[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #56423] module verification falls through to tpm, which approves it
|
From: |
Benjamin Doron |
|
Subject: |
[bug #56423] module verification falls through to tpm, which approves it automatically |
|
Date: |
Sat, 6 Jul 2019 11:24:52 -0400 (EDT) |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 |
Follow-up Comment #2, bug #56423 (project grub):
Update: I observe the same behaviour on the 2.04 release, but I think that
I've resolved the issue. Setting check_signatures to "enforce" results in the
expected behaviour (modules load if pgp signed, even with the tpm module
unloaded).
While an argument could be made for treating modules separately to regular
signature verification (i.e, check their signatures even if signatures for
other files aren't being checked), I'd consider this partially resolved. The
bugs that I numbered 2 and 3 still remain, although these possibly are out of
scope of the bug that I filed.
Most importantly, in my opinion, the documentation should be updated to
clarify the standard behaviour here, as others might understand it as I did.
(I could possibly do this.)
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?56423>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #56423] module verification falls through to tpm, which approves it automatically,
Benjamin Doron <=